Vulnerabilities > Bigantsoft > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-07 | CVE-2021-43430 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigantsoft Bigant Office Messenger 5 5.6 An Access Control vulnerability exists in BigAntSoft BigAnt office messenger 5.6 via im_webserver, which could let a malicious user upload PHP Trojan files. | 6.5 |
| 2022-03-21 | CVE-2022-23346 | Unrestricted Upload of File with Dangerous Type vulnerability in Bigantsoft Bigant Server 5.6.06 BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. | 6.5 |
| 2022-03-21 | CVE-2022-23347 | Path Traversal vulnerability in Bigantsoft Bigant Server 5.6.06 BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. | 5.0 |
| 2022-03-21 | CVE-2022-23348 | Use of Password Hash With Insufficient Computational Effort vulnerability in Bigantsoft Bigant Server 5.6.06 BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. | 5.0 |
| 2022-03-21 | CVE-2022-23349 | Cross-Site Request Forgery (CSRF) vulnerability in Bigantsoft Bigant Server 5.6.06 BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). | 6.8 |
| 2022-03-21 | CVE-2022-23352 | Infinite Loop vulnerability in Bigantsoft Bigant Server 5.6.06 An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). | 5.0 |
| 2013-02-24 | CVE-2012-6274 | Improper Authentication vulnerability in Bigantsoft Bigant IM Message Server BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors. | 5.0 |
| 2010-03-03 | CVE-2009-4661 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bigantsoft Bigant Server Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow user-assisted remote attackers to cause a denial of service (application crash) via a crafted ZIP file that is not properly handled when the victim uses the (1) Update or (2) Plug-In console menu item. | 4.3 |